Skip to content
This repository has been archived by the owner on Jan 29, 2024. It is now read-only.

Commit

Permalink
OpenSearch - Update Advanced parameters
Browse files Browse the repository at this point in the history
  • Loading branch information
web-flow authored Sep 26, 2023
1 parent 66f33b2 commit 7e2bc40
Showing 1 changed file with 127 additions and 5 deletions.
132 changes: 127 additions & 5 deletions includes/config-opensearch.rst
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
..
``additional_backup_regions``
-----------------------------
*array*

**Additional Cloud Regions for Backup Replication**
``additional_backup_regions``
-----------------------------
*array*

**Additional Cloud Regions for Backup Replication**



Expand Down Expand Up @@ -97,6 +97,86 @@



``openid``
----------
*object*

**OpenSearch OpenID Connect Configuration**

``enabled``
~~~~~~~~~~~
*boolean*

**Enable or disable OpenSearch OpenID Connect authentication** Enables or disables OpenID Connect authentication for OpenSearch. When enabled, users can authenticate using OpenID Connect with an Identity Provider.

``connect_url``
~~~~~~~~~~~~~~~
*string*

**OpenID Connect metadata/configuration URL** The URL of your IdP where the Security plugin can find the OpenID Connect metadata/configuration settings.

``roles_key``
~~~~~~~~~~~~~
*['string', 'null']*

**The key in the JSON payload that stores the user’s roles** The key in the JSON payload that stores the user’s roles. The value of this key must be a comma-separated list of roles. Required only if you want to use roles in the JWT

``subject_key``
~~~~~~~~~~~~~~~
*['string', 'null']*

**The key in the JSON payload that stores the user’s name** The key in the JSON payload that stores the user’s name. If not defined, the subject registered claim is used. Most IdP providers use the preferred_username claim. Optional.

``jwt_header``
~~~~~~~~~~~~~~
*['string', 'null']*

**The HTTP header that stores the token** The HTTP header that stores the token. Typically the Authorization header with the Bearer schema: Authorization: Bearer <token>. Optional. Default is Authorization.

``jwt_url_parameter``
~~~~~~~~~~~~~~~~~~~~~
*['string', 'null']*

**URL JWT token.** If the token is not transmitted in the HTTP header, but as an URL parameter, define the name of the parameter here. Optional.

``refresh_rate_limit_count``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*['integer', 'null']*

**The maximum number of unknown key IDs in the time frame** The maximum number of unknown key IDs in the time frame. Default is 10. Optional.

``refresh_rate_limit_time_window_ms``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*['integer', 'null']*

**The time frame to use when checking the maximum number of unknown key IDs, in milliseconds** The time frame to use when checking the maximum number of unknown key IDs, in milliseconds. Optional.Default is 10000 (10 seconds).

``client_id``
~~~~~~~~~~~~~
*string*

**The ID of the OpenID Connect client** The ID of the OpenID Connect client configured in your IdP. Required.

``client_secret``
~~~~~~~~~~~~~~~~~
*string*

**The client secret of the OpenID Connect** The client secret of the OpenID Connect client configured in your IdP. Required.

``scope``
~~~~~~~~~
*string*

**The scope of the identity token issued by the IdP** The scope of the identity token issued by the IdP. Optional. Default is openid profile email address phone.

``header``
~~~~~~~~~~
*string*

**HTTP header name of the JWT token** HTTP header name of the JWT token. Optional. Default is Authorization.



``index_patterns``
------------------
*array*
Expand Down Expand Up @@ -225,6 +305,12 @@

**action.auto_create_index** Explicitly allow or block automatic creation of indices. Defaults to true

``auth_failure_listeners``
~~~~~~~~~~~~~~~~~~~~~~~~~~
*object*

**Opensearch Security Plugin Settings**

``thread_pool_search_size``
~~~~~~~~~~~~~~~~~~~~~~~~~~~
*integer*
Expand Down Expand Up @@ -339,6 +425,42 @@

**Sender password for Opensearch alerts to authenticate with SMTP server** Sender password for Opensearch alerts to authenticate with SMTP server

``ism_enabled``
~~~~~~~~~~~~~~~
*['boolean', 'null']*

**Specifies whether ISM is enabled or not**

``ism_history_enabled``
~~~~~~~~~~~~~~~~~~~~~~~
*['boolean', 'null']*

**Specifies whether audit history is enabled or not. The logs from ISM are automatically indexed to a logs document.**

``ism_history_max_age``
~~~~~~~~~~~~~~~~~~~~~~~
*['integer', 'null']*

**The maximum age before rolling over the audit history index in hours**

``ism_history_max_docs``
~~~~~~~~~~~~~~~~~~~~~~~~
*['integer', 'null']*

**The maximum number of documents before rolling over the audit history index.**

``ism_history_rollover_check_period``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*['integer', 'null']*

**The time between rollover checks for the audit history index in hours.**

``ism_history_rollover_retention_period``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*['integer', 'null']*

**How long audit history indices are kept in days.**



``index_template``
Expand Down

0 comments on commit 7e2bc40

Please sign in to comment.